BitGrail exchange has been hacked and it won't be the last
On February 8th 2018, BitGrail declared to its users via their website that it had discovered a shortfall of 17 million XRB. At the time of writing this post, XRB is worth $10.35. That's a loss of roughly $170 million.
Apparently the "hacker" has been withdrawing money from BitGrail for the last month or so and they only noticed that they had an immense shortfall now. Needless to say, BitGrail has fallen into immediate insolvency and all of the depositors have likely lost all of their cryptocurrency.
Reddit is full of threads of people breaking down, some having lost millions of dollars worth of XRB in this exchange hack. Losses like this could've been mitigated or avoided entirely with one simple change.
New users need to be educated that holding cryptocurrency on an exchange is the pathway to losing all of your cryptocurrency with absolutely no recourse. This has happened time and time again throughout cryptocurrency history. Exchange after exchange has been hacked and thus one of the first things anyone who is somewhat experienced will tell you is: "Do not hold your cryptocurrency on an exchange.". It is one of the most important rules of all of cryptocurrency investing.
I've seen a lot of posts on Reddit in relation to this hack talking about how people thought that they would be safe if they used two factor authentication on the website. This is a complete lack of understanding of why holding on an exchange is extremely dangerous. The reason it is dangerous is not the risk that someone can login to your account, it is the risk that someone finds a flaw in the code of the exchange and is able to gain access to the servers and ultimately the wallets where the cryptocurrencies are stored. If this happens, everyone's money on the exchange in all cryptocurrencies will be lost and this has happened many times before and will continue to happen.
As a web developer who has been involved in development for over 10 years now, I assure you that it is extremely difficult to secure a website and think of all possibilities. Just one mistake is enough for someone to gain a ton of access. This is coming from someone who regards themselves as highly skilled and with a lot of experience. You can't assume that these exchanges are all being coded by someone of comparable skill and experience. Many of them are cowboy-coded. Just because they look good and are fast doesn't mean that the code in the background isn't a mess of spahgetti.
The simple lesson of this whole situation is, don't leave your cryptocurrency on an exchange. If they exchange is hacked, you will lose everything and there will be no recourse.
Don't be lazy, get a Ledger Nano S or any other hardware wallet and store your cryptocurrency on there. If your cryptocurrency of choice is not supported by hardware wallets yet, then make a paper wallet and store it on there. Stop making excuses and stop thinking two factor authentication makes you safe, it doesn't make anything safe.
If you don't own the private keys to your cryptocurrency, you don't own any cryptocurrency.